Initial commit with changes from previous PR

mattmcinnes · mattmcinnes · commit 4966e821e64c · 2024-08-06T14:30:45.000-07:00
diff --git a/articles/confidential-computing/TOC.yml b/articles/confidential-computing/TOC.yml
@@ -43,6 +43,8 @@
       href: confidential-vm-faq.yml
     - name: Guest attestation for confidential VMs
       href: guest-attestation-confidential-vms.md
+    - name: About Azure confidential GPUs
+      href: gpu-options.md
     - name: Microsoft Defender for Cloud integration
       href: guest-attestation-defender-for-cloud.md
     - name: Virtual TPMs in Azure confidential VMs
diff --git a/articles/confidential-computing/confidential-vm-overview.md b/articles/confidential-computing/confidential-vm-overview.md
@@ -3,8 +3,8 @@ title: About Azure confidential VMs
 description: Learn about Azure confidential virtual machines. These series are for tenants with high security and confidentiality requirements.
 author: ju-shim
 ms.author: mmcrey
-ms.service: azure-virtual-machines
-ms.subservice: azure-confidential-computing
+ms.service: virtual-machines
+ms.subservice: confidential-computing
 ms.custom:
   - ignite-2023
 ms.topic: overview
@@ -31,7 +31,6 @@ Azure confidential VMs offer strong security and confidentiality for tenants. Th
 - Secure key release with cryptographic binding between the platform's successful attestation and the VM's encryption keys.
 - Dedicated virtual [Trusted Platform Module (TPM)](/windows/security/information-protection/tpm/trusted-platform-module-overview) instance for attestation and protection of keys and secrets in the virtual machine.
 - Secure boot capability similar to [Trusted launch for Azure VMs](../virtual-machines/trusted-launch.md)
-- Ultra disk capability is supported on confidential VMs
 
 ## Confidential OS disk encryption
 
@@ -87,6 +86,7 @@ Confidential VMs support the following VM sizes:
 - General Purpose with local disk: DCadsv5-series, DCedsv5-series
 - Memory Optimized without local disk: ECasv5-series, ECesv5-series
 - Memory Optimized with local disk: ECadsv5-series, ECedsv5-series
+- NVIDIA H100 Tensor Core GPU powered NCCadsH100v5-series
 
 ### OS support
 Confidential VMs support the following OS options:
@@ -124,6 +124,7 @@ Confidential VMs *don't support*:
 - Microsoft Azure Virtual Machine Scale Sets with Confidential OS disk encryption enabled
 - Limited Azure Compute Gallery support
 - Shared disks
+- Ultra disks
 - Accelerated Networking
 - Live migration
 - Screenshots under boot diagnostics
diff --git a/articles/confidential-computing/gpu-options.md b/articles/confidential-computing/gpu-options.md
@@ -0,0 +1,94 @@
+---
+title: Azure Confidential GPU options
+description: Learn about Azure Confidential VMs with confidential GPU.
+author: kphande
+ms.author: khande
+ms.reviewer: ju-shim 
+ms.service: azure-virtual-machines
+ms.subservice: confidential-computing
+ms.custom: confidential-compute
+ms.topic: conceptual
+ms.date: 07/16/2024
+---
+
+# Azure Confidential GPU options
+
+Azure confidential GPUs are based on AMD 4th Gen EPYC processors with SEV-SNP technology and NVIDIA H100 Tensor Core GPUs. In this VM SKU Trusted Execution Environment (TEE) spans confidential VM on the CPU and attached GPU, enabling secure offload of data, models and computation to the GPU.  
+ 
+## Sizes
+
+We offer the following VM sizes:
+
+| Size Family          | TEE | Description                                                                         |
+| ------------------ | ------------ | ----------------------------------------------------------------------------------- |
+| [**NCCadsH100v5-series**](../virtual-machines/sizes/gpu-accelerated/nccadsh100v5-series.md) | AMD SEV-SNP and NVIDIA H100 Tensor Core GPUs | CVM with Confidential GPU. | 
+
+
+## Azure CLI
+
+You can use the [Azure CLI](/cli/azure/install-azure-cli) with your confidential GPU VMs.
+
+To see a list of confidential VM sizes, run the following command. Replace `<vm-series>` with the series you want to use. The output shows information about available regions and availability zones.
+
+```azurecli-interactive
+vm_series='NCC'
+az vm list-skus \
+    --size dc \
+    --query "[?family=='standard${vm_series}Family'].{name:name,locations:locationInfo[0].location,AZ_a:locationInfo[0].zones[0],AZ_b:locationInfo[0].zones[1],AZ_c:locationInfo[0].zones[2]}" \
+    --all \
+    --output table
+```
+
+For a more detailed list, run the following command instead:
+
+```azurecli-interactive
+vm_series='NCC'
+az vm list-skus \
+    --size dc \
+    --query "[?family=='standard${vm_series}Family']" 
+```
+
+## Deployment considerations
+
+Consider the following settings and choices before deploying confidential GPU VMs.
+
+### Azure subscription
+
+To deploy a confidential GPU VM instance, consider a [pay-as-you-go subscription](/azure/virtual-machines/linux/azure-hybrid-benefit-linux) or other purchase option. If you're using an [Azure free account](https://azure.microsoft.com/free/), the quota doesn't allow the appropriate number of Azure compute cores.
+
+You might need to increase the cores quota in your Azure subscription from the default value. Default limits vary depending on your subscription category. Your subscription might also limit the number of cores you can deploy in certain VM size families, including the confidential VM sizes. 
+
+To request a quota increase, [open an online customer support request](../azure-portal/supportability/per-vm-quota-requests.md). 
+
+If you have large-scale capacity needs, contact Azure Support. Azure quotas are credit limits, not capacity guarantees. You only incur charges for cores that you use.
+
+### Pricing
+
+For pricing options, see the [Linux Virtual Machines Pricing](https://azure.microsoft.com/pricing/details/virtual-machines/linux/). 
+
+### Regional availability
+
+For availability information, see which [VM products are available by Azure region](https://azure.microsoft.com/global-infrastructure/services/?products=virtual-machines).
+
+### Resizing
+
+Confidential GPU VMs run on specialized hardware and resizing is currently not supported. 
+
+### Guest OS support
+
+OS images for confidential VMs have to meet certain security and compatibility requirements. Qualified images support the secure mounting, attestation, optional [confidential OS disk encryption](confidential-vm-overview.md#confidential-os-disk-encryption), and isolation from underlying cloud infrastructure. These images include:
+
+- Ubuntu 22.04 LTS
+
+For more information about supported and unsupported VM scenarios, see [support for generation 2 VMs on Azure](../virtual-machines/generation-2.md). 
+
+### High availability and disaster recovery
+
+You're responsible for creating high availability and disaster recovery solutions for your confidential GPU VMs. Planning for these scenarios helps minimize and avoid prolonged downtime.
+
+## Next steps 
+
+> [!div class="nextstepaction"]
+> [Deploy a confidential GPU VM from the Azure portal](quick-create-confidential-vm-portal.md)
+
+For more information see our [Confidential VM FAQ](confidential-vm-faq.yml).
diff --git a/articles/confidential-computing/index.yml b/articles/confidential-computing/index.yml
@@ -6,8 +6,8 @@ summary: Azure confidential computing offers solutions to enable isolation of yo
 metadata:
   title: Azure confidential computing
   description: Learn about how Azure confidential computing protects data in use and learn ways to build confidential workloads in the cloud.
-  ms.service: azure-virtual-machines
-  ms.subservice: azure-confidential-computing
+  ms.service: virtual-machines
+  ms.subservice: confidential-computing
   ms.topic: landing-page
   author: michamcr 
   ms.author: mmcrey
@@ -105,8 +105,8 @@ landingContent:
             url: https://azure.microsoft.com/global-infrastructure/services/?products=virtual-machines
       - linkListType: whats-new
         links:
-          - text: Confidential VMs with Intel TDX (Public Preview)
-            url: https://aka.ms/TDX-CVM-pubprev
+          - text: Azure confidential VMs with NVIDIA H100 Tensor Core GPUs (Public Preview)
+            url: https://aka.ms/cvm-h100-blog
 
   # Card
   - title: Container compute
@@ -131,7 +131,7 @@ landingContent:
           - text: App enclave aware container samples
             url: enclave-aware-containers.md
           - text: Confidential VM node pools on AKS
-            url: /azure/aks/use-cvm
+            url: ..\aks\use-cvm.md
       - linkListType: reference
         links:
           - text: Azure architecture center confidential container scenarios
diff --git a/articles/confidential-computing/quick-create-confidential-vm-portal.md b/articles/confidential-computing/quick-create-confidential-vm-portal.md
@@ -2,8 +2,8 @@
 title: Create an Azure confidential VM in the Azure portal
 description: Learn how to quickly create a confidential virtual machine (confidential VM) in the Azure portal using Azure Marketplace images.
 author: RunCai
-ms.service: azure-virtual-machines
-ms.subservice: azure-confidential-computing
+ms.service: virtual-machines
+ms.subservice: confidential-computing
 ms.topic: quickstart
 ms.date: 12/01/2023
 ms.author: RunCai
@@ -57,6 +57,9 @@ To create a confidential VM in the Azure portal using an Azure Marketplace image
 
     h. Toggle [Generation 2](../virtual-machines/generation-2.md) images. Confidential VMs only run on Generation 2 images. To ensure, under **Image**, select **Configure VM generation**. In the pane **Configure VM generation**, for **VM generation**, select **Generation 2**. Then, select **Apply**.
 
+    > [!NOTE]
+    > For NCCH100v5 series, only the **Ubuntu Server 22.04 LTS (Confidential VM)** image is currently supported. 
+
     i. For **Size**, select a VM size. For more information, see [supported confidential VM families](virtual-machine-options.md).
 
 
diff --git a/articles/confidential-computing/virtual-machine-options.md b/articles/confidential-computing/virtual-machine-options.md
@@ -4,8 +4,8 @@ description: Azure Confidential Computing offers multiple options for confidenti
 author: ju-shim
 ms.author: jushiman
 ms.reviewer: mattmcinnes
-ms.service: azure-virtual-machines
-ms.subservice: azure-confidential-computing
+ms.service: virtual-machines
+ms.subservice: confidential-computing
 ms.custom: devx-track-azurecli
 ms.topic: conceptual
 ms.date: 11/15/2023
@@ -31,6 +31,7 @@ We offer the following VM sizes:
 | **DCedsv5-series** | Intel TDX | General purpose CVM with local temporary disk.                                        |
 | **ECesv5-series** | Intel TDX | Memory-optimized CVM with remote storage. No local temporary disk. |
 | **ECedsv5-series** | Intel TDX | Memory-optimized CVM with local temporary disk. |
+| **NCCadsH100v5-series** | AMD SEV-SNP and NVIDIA H100 Tensor Core GPUs | CVM with Confidential GPU. | 
 
 > [!NOTE]
 > Memory-optimized confidential VMs offer double the ratio of memory per vCPU count.
diff --git a/articles/virtual-machines/sizes/gpu-accelerated/includes/nccadsh100v5-series-specs.md b/articles/virtual-machines/sizes/gpu-accelerated/includes/nccadsh100v5-series-specs.md
@@ -0,0 +1,20 @@
+---
+title: NCCads_H100_v5 series specs include
+description: Include file containing specifications of NCCads_H100_v5-series VM sizes.
+author: kphande
+ms.topic: include
+ms.service: azure-virtual-machines
+ms.subservice: sizes
+ms.date: 08/06/2024
+ms.author: khande
+ms.reviewer: mattmcinnes
+ms.custom: include file
+---
+| Part | Quantity <br><sup>Count Units | Specs <br><sup>SKU ID, Performance Units, etc.  |
+|---|---|---|
+| Processor      |  40 vCPUs     | AMD EPYC (Genoa) [x86-64] |
+| Memory         |  320 GiB        |    |
+| Local Storage  |  1 Disk         | 800 GiB  |
+| Remote Storage |  8 Disks        | 100000 IOPS <br>3000 MBps |
+| Network        |  2 NICs        | 40000 Mbps |
+| Accelerators   |  1 GPU            | Nvidia H100 GPU (94GB)    |
diff --git a/articles/virtual-machines/sizes/gpu-accelerated/includes/nccadsh100v5-series-summary.md b/articles/virtual-machines/sizes/gpu-accelerated/includes/nccadsh100v5-series-summary.md
@@ -0,0 +1,20 @@
+---
+title: NCCads_H100_v5-series summary include file
+description: Include file for NCCads_H100_v5-series summary
+author: kphande
+ms.topic: include
+ms.service: azure-virtual-machines
+ms.subservice: sizes
+ms.date: 08/06/2024
+ms.author: khande
+ms.reviewer: mattmcinnes
+ms.custom: include file
+---
+The NCCads H100 v5 series Virtual Machines (VMs) are a new addition to the Azure GPU family. In this VM SKU, Trusted Execution Environment (TEE) spans confidential VM on the CPU and attached GPU, enabling secure offload of data, models, and computation to the GPU.
+The NCCads H100 v5 series Virtual Machines are powered by 4th-generation AMD EPYC™ Genoa processors and NVIDIA H100 Tensor Core GPU. These VMs feature 1 NVIDIA H100 NVL GPUs with 94GB memory, 40 non-multithreaded AMD EPYC Genoa processor cores, and 320 GiB of system memory. These VMs are ideal for real-world Applied AI workloads, such as:
+
+- GPU-accelerated analytics and databases
+- Batch inferencing with heavy pre- and post-processing
+- Machine Learning (ML) development
+- Video processing
+- AI/ML web services
diff --git a/articles/virtual-machines/sizes/gpu-accelerated/nc-family.md b/articles/virtual-machines/sizes/gpu-accelerated/nc-family.md
@@ -29,12 +29,20 @@ ms.author: mattmcinnes
 [!INCLUDE [nc-series-specs](./includes/nc-series-specs.md)]
 
 
-### NCads_-_H100_v5-series
-[!INCLUDE [ncads_-_h100_v5-series-summary](./includes/ncadsh100v5-series-summary.md)]
+### NCads_H100_v5-series
+[!INCLUDE [ncads_h100_v5-series-summary](./includes/ncadsh100v5-series-summary.md)]
 
-[View the full NCads_-_H100_v5-series page](./ncadsh100v5-series.md).
+[View the full NCads_H100_v5-series page](./ncadsh100v5-series.md).
 
-[!INCLUDE [ncads_-_h100_v5-series-specs](./includes/ncadsh100v5-series-specs.md)]
+[!INCLUDE [ncads_h100_v5-series-specs](./includes/ncadsh100v5-series-specs.md)]
+
+
+### NCCads_H100_v5-series
+[!INCLUDE [nccads_h100_v5-series-summary](./includes/nccadsh100v5-series-summary.md)]
+
+[View the full NCCads_H100_v5-series page](./nccadsh100v5-series.md).
+
+[!INCLUDE [nccads_h100_v5-series-specs](./includes/nccadsh100v5-series-specs.md)]
 
 
 ### NCv2-series
diff --git a/articles/virtual-machines/sizes/gpu-accelerated/nccadsh100v5-series.md b/articles/virtual-machines/sizes/gpu-accelerated/nccadsh100v5-series.md
@@ -0,0 +1,104 @@
+---
+title: NCCads_H100_v5 size series
+description: Information on and specifications of the NCCads_H100_v5-series sizes
+author: kphande
+ms.service: azure-virtual-machines
+ms.subservice: sizes
+ms.topic: conceptual
+ms.date: 08/06/2024
+ms.author: khande
+ms.reviewer: mattmcinnes
+---
+
+# NCCads_H100_v5 sizes series
+
+[!INCLUDE [nccadsh100v5-summary](./includes/nccadsh100v5-series-summary.md)]
+
+## Host specifications
+[!INCLUDE [nccadsh100v5-series-specs](./includes/nccadsh100v5-series-specs.md)]
+
+## Feature support
+[Premium Storage](../../premium-storage-performance.md): Supported <br>[Premium Storage caching](../../premium-storage-performance.md): Supported <br>[Live Migration](../../maintenance-and-updates.md): Not Supported <br>[Memory Preserving Updates](../../maintenance-and-updates.md): Not Supported <br>[Generation 2 VMs](../../generation-2.md): Supported <br>[Generation 1 VMs](../../generation-2.md): Not Supported <br>[Accelerated Networking](../../../virtual-network/create-vm-accelerated-networking-cli.md): Not Supported <br>[Ephemeral OS Disk](../../ephemeral-os-disks.md): Supported <br>[Nested Virtualization](/virtualization/hyper-v-on-windows/user-guide/nested-virtualization): Not Supported <br>
+
+## Sizes in series
+
+### [Basics](#tab/sizebasic)
+
+vCPUs (Qty.) and Memory for each size
+
+| Size Name | vCPUs (Qty.) | Memory (GB) |
+| --- | --- | --- |
+| Standard_NCC40ads_H100_v5 | 40 | 320 |
+
+#### VM Basics resources
+- [Check vCPU quotas](../../../virtual-machines/quotas.md)
+
+### [Local storage](#tab/sizestoragelocal)
+
+Local (temp) storage info for each size
+
+| Size Name | Max Temp Storage Disks (Qty.) | Temp Disk Size (GiB) | Temp Disk Random Read (RR)<sup>1</sup> IOPS | Temp Disk Random Read (RR)<sup>1</sup> Speed (MBps) | Temp Disk Random Write (RW)<sup>1</sup> IOPS | Temp Disk Random Write (RW)<sup>1</sup> Speed (MBps) | Local-Special-Disk-Count | Local-Special-Disk-Size-GB | Local-Special-Disk-RR-IOPS | Local-Special-Disk-RR-MBps |
+| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
+| Standard_NCC40ads_H100_v5 | 1 | 800 |  |  |  |  |  |  |  |  |
+
+#### Storage resources
+- [Introduction to Azure managed disks](../../../virtual-machines/managed-disks-overview.md)
+- [Azure managed disk types](../../../virtual-machines/disks-types.md)
+- [Share an Azure managed disk](../../../virtual-machines/disks-shared.md)
+
+#### Table definitions
+- <sup>1</sup>Temp disk speed often differs between RR (Random Read) and RW (Random Write) operations. RR operations are typically faster than RW operations. The RW speed is usually slower than the RR speed on series where only the RR speed value is listed.
+- Storage capacity is shown in units of GiB or 1024^3 bytes. When you compare disks measured in GB (1000^3 bytes) to disks measured in GiB (1024^3) remember that capacity numbers given in GiB may appear smaller. For example, 1023 GiB = 1098.4 GB.
+- Disk throughput is measured in input/output operations per second (IOPS) and MBps where MBps = 10^6 bytes/sec.
+- To learn how to get the best storage performance for your VMs, see [Virtual machine and disk performance](../../../virtual-machines/disks-performance.md).
+
+### [Remote storage](#tab/sizestorageremote)
+
+Remote (uncached) storage info for each size
+
+| Size Name | Max Remote Storage Disks (Qty.) | Uncached Disk IOPS | Uncached Disk Speed (MBps) | Uncached Disk Burst<sup>1</sup> IOPS | Uncached Disk Burst<sup>1</sup> Speed (MBps) | Uncached Special<sup>2</sup> Disk IOPS | Uncached Special<sup>2</sup> Disk Speed (MBps) | Uncached Burst<sup>1</sup> Special<sup>2</sup> Disk IOPS | Uncached Burst<sup>1</sup> Special<sup>2</sup> Disk Speed (MBps) |
+| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
+| Standard_NCC40ads_H100_v5 | 8 | 100000 | 3000 |  |  |  |  |  |  |
+
+#### Storage resources
+- [Introduction to Azure managed disks](../../../virtual-machines/managed-disks-overview.md)
+- [Azure managed disk types](../../../virtual-machines/disks-types.md)
+- [Share an Azure managed disk](../../../virtual-machines/disks-shared.md)
+
+#### Table definitions
+- <sup>1</sup>Some sizes support [bursting](../../disk-bursting.md) to temporarily increase disk performance. Burst speeds can be maintained for up to 30 minutes at a time.
+- <sup>2</sup>Special Storage refers to either [Ultra Disk](../../../virtual-machines/disks-enable-ultra-ssd.md) or [Premium SSD v2](../../../virtual-machines/disks-deploy-premium-v2.md) storage.
+- Storage capacity is shown in units of GiB or 1024^3 bytes. When you compare disks measured in GB (1000^3 bytes) to disks measured in GiB (1024^3) remember that capacity numbers given in GiB may appear smaller. For example, 1023 GiB = 1098.4 GB.
+- Disk throughput is measured in input/output operations per second (IOPS) and MBps where MBps = 10^6 bytes/sec.
+- Data disks can operate in cached or uncached modes. For cached data disk operation, the host cache mode is set to ReadOnly or ReadWrite. For uncached data disk operation, the host cache mode is set to None.
+- To learn how to get the best storage performance for your VMs, see [Virtual machine and disk performance](../../../virtual-machines/disks-performance.md).
+
+
+### [Network](#tab/sizenetwork)
+
+Network interface info for each size
+
+| Size Name | Max NICs (Qty.) | Max Bandwidth (Mbps) |
+| --- | --- | --- |
+| Standard_NCC40ads_H100_v5 | 2 | 40000 |
+
+#### Networking resources
+- [Virtual networks and virtual machines in Azure](../../../virtual-network/network-overview.md)
+- [Virtual machine network bandwidth](../../../virtual-network/virtual-machine-network-throughput.md)
+
+#### Table definitions
+- Expected network bandwidth is the maximum aggregated bandwidth allocated per VM type across all NICs, for all destinations. For more information, see [Virtual machine network bandwidth](../../../virtual-network/virtual-machine-network-throughput.md)
+- Upper limits aren't guaranteed. Limits offer guidance for selecting the right VM type for the intended application. Actual network performance will depend on several factors including network congestion, application loads, and network settings. For information on optimizing network throughput, see [Optimize network throughput for Azure virtual machines](../../../virtual-network/virtual-network-optimize-network-bandwidth.md). 
+-  To achieve the expected network performance on Linux or Windows, you may need to select a specific version or optimize your VM. For more information, see [Bandwidth/Throughput testing (NTTTCP)](../../../virtual-network/virtual-network-bandwidth-testing.md).
+
+### [Accelerators](#tab/sizeaccelerators)
+
+Accelerator (GPUs, FPGAs, etc.) info for each size
+
+| Size Name | Accelerators (Qty.) | Accelerator-Memory (GB) |
+| --- | --- | --- |
+| Standard_NCC40ads_H100_v5 | 1 | 94 |
+
+---
+
+[!INCLUDE [sizes-footer](../includes/sizes-footer.md)]
diff --git a/articles/virtual-machines/sizes/overview.md b/articles/virtual-machines/sizes/overview.md
